class UsersController < ApplicationController
  layout 'main'
  
  before_filter :admin_required
  
  def index
    @users = User.find(:all, :order => 'login')
    
  end

  # render new.rhtml
  def new
  end

  def create
    cookies.delete :auth_token
    # protects against session fixation attacks, wreaks havoc with 
    # request forgery protection.
    # uncomment at your own risk
    # reset_session
    @user = User.new(params[:user])
    @user.save
    if @user.errors.empty?
      redirect_back_or_default('/users')
      flash[:notice] = "User created"
    else
      render :action => 'new'
    end
  end
  
  def edit
    @user = User.find(params[:id])
  end
  
  def update
    @user = User.find(params[:id])
    
    respond_to do |format|
      if @user.update_attributes(params[:user])
        flash[:notice] = 'User was successfully updated.'
        format.html { redirect_to users_path }
      else
        format.html { render :action => "edit" }
      end
    end
  end
  
  def destroy
    
  end

end
